[Buildroot] fastd CPE/CVE reporting (Was: [autobuild.buildroot.net] Your daily results for 2021-03-21)

Alexander Dahl post at lespocky.de
Mon Apr 5 12:36:01 UTC 2021


Hello Thomas,

On Mon, Mar 29, 2021 at 03:28:03PM +0200, Thomas Petazzoni wrote:
> For this particular fastd CVE issue, what needs to be added is (1) the
> proper CPE identifier information in the Buildroot package and (2) get
> the NVD database maintainers to fix the CVE entry to indicate which
> fastd version has fixed the security vulnerability.

I hoped to have added the proper CPE identifier with ebe599de08ec
("package/fastd: add FASTD_CPE_ID_VERSION") in master (which was also
backported to 2021.02.x). However I got another warning mail today.

I'm not sure I understand (2) correctly. As far as I can see at
https://nvd.nist.gov/vuln/detail/CVE-2020-27638 that CVE is marked as
fixed for fastd 21.0.

Is there anything I missed to set for the buildroot package?

Greets
Alex

-- 
/"\ ASCII RIBBON | »With the first link, the chain is forged. The first
\ / CAMPAIGN     | speech censured, the first thought forbidden, the
 X  AGAINST      | first freedom denied, chains us all irrevocably.«
/ \ HTML MAIL    | (Jean-Luc Picard, quoting Judge Aaron Satie)
-------------- next part --------------
A non-text attachment was scrubbed...
Name: signature.asc
Type: application/pgp-signature
Size: 833 bytes
Desc: not available
URL: <http://lists.busybox.net/pipermail/buildroot/attachments/20210405/c8f8e939/attachment.asc>


More information about the buildroot mailing list